Configure OpenLDAP

We need to modify the OpenLDAP server settings and add a new access control rule that allows users to add or update their personal contacts.

Open the OpenLDAP config file slapd.conf. Depending on your system, it is one of the following:

RHEL/CentOS/OpenSuSE: /etc/openldap/slapd.conf

Debian/Ubuntu: /etc/ldap/slapd.conf

FreeBSD: /usr/local/etc/openldap/slapd.conf

Find this line:

File: slapd.conf

access to attrs="userPassword,mailForwardingAddress"

Then add the lines below ABOVE it. slapd applies the first access rule that matches an entry, so the new rule has to come first. (NOTE: You must replace dc=iredmail,dc=org with your own LDAP suffix.)

File: slapd.conf

access to dn.regex="cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,dc=iredmail,dc=org$"
    by anonymous none
    by self none
    by dn.exact="cn=vmail,dc=iredmail,dc=org" read
    by dn.exact="cn=vmailadmin,dc=iredmail,dc=org" write
    by dn.regex="mail=$1@$2,ou=Users,domainName=$3,o=domains,dc=iredmail,dc=org$" write
    by users none

The final result looks like this:

File: slapd.conf

access to dn.regex="cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),o=domains,dc=iredmail,dc=org$"
    by anonymous none
    by self none
    by dn.exact="cn=vmail,dc=iredmail,dc=org" read
    by dn.exact="cn=vmailadmin,dc=iredmail,dc=org" write
    by dn.regex="mail=$1@$2,ou=Users,domainName=$3,o=domains,dc=iredmail,dc=org$" write
    by users none
access to attrs="userPassword,mailForwardingAddress"
    [...SKIP OTHER LINES HERE...]

Restart the OpenLDAP service for the change to take effect.
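
The rule above gives write access to a contact entry only to the user whose mail=... entry contains it, by copying the $1, $2 and $3 captures from the contact's DN into the last dn.regex clause. The Python sketch below is an added example, not iRedMail or OpenLDAP code: it is a simplified model of how slapd evaluates this one rule (first matching "by" clause wins), and the example.com DNs are constructed samples.

```python
import re

SUFFIX = "dc=iredmail,dc=org"  # the page's suffix; replace with your own

# <what> pattern of the rule: a contact entry stored under a user's entry.
WHAT = re.compile(r"cn=[^,]+,mail=([^,]+)@([^,]+),ou=Users,domainName=([^,]+),"
                  r"o=domains," + SUFFIX + "$", re.IGNORECASE)

# "by" clauses in the order they appear in slapd.conf.
BY = [
    ("anonymous", None, "none"),
    ("self", None, "none"),
    ("exact", "cn=vmail," + SUFFIX, "read"),
    ("exact", "cn=vmailadmin," + SUFFIX, "write"),
    ("regex", "mail=$1@$2,ou=Users,domainName=$3,o=domains," + SUFFIX + "$",
     "write"),
    ("users", None, "none"),
]

def access(target_dn, bind_dn):
    """Access level this rule grants bind_dn on target_dn.
    Returns None when the rule does not cover target_dn at all."""
    m = WHAT.search(target_dn)
    if m is None:
        return None  # slapd would move on to the next "access to" rule
    for style, value, level in BY:
        if style == "anonymous":
            hit = bind_dn == ""
        elif style == "self":
            hit = bind_dn.lower() == target_dn.lower()
        elif style == "users":
            hit = bind_dn != ""
        elif style == "exact":
            hit = bind_dn.lower() == value.lower()
        else:  # regex: fill $1..$3 from the <what> match, then match the bind DN
            pat = re.sub(r"\$(\d)", lambda g: m.group(int(g.group(1))), value)
            hit = re.search(pat, bind_dn, re.IGNORECASE) is not None
        if hit:
            return level  # first matching clause decides
    return "none"  # every rule ends with an implicit "by * none"

# Constructed sample DNs (not from the page).
USER = "mail=%s@example.com,ou=Users,domainName=example.com,o=domains," + SUFFIX
ALICE, BOB = USER % "alice", USER % "bob"
CONTACT = "cn=Carol," + ALICE  # a contact in alice's personal address book

if __name__ == "__main__":
    for who in ("", ALICE, BOB, "cn=vmail," + SUFFIX, "cn=vmailadmin," + SUFFIX):
        print(who or "(anonymous)", "->", access(CONTACT, who))
```

On a live server, OpenLDAP's slapacl tool can confirm the same decisions against the real slapd.conf.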

Configure Roundcube Webmail

Open the Roundcube webmail config file main.inc.php. Depending on your system, it is one of the following:

RHEL/CentOS: /var/www/roundcubemail/config/main.inc.php

Debian/Ubuntu: /usr/share/apache2/roundcubemail/config/main.inc.php

OpenSuSE: /srv/www/roundcubemail/config/main.inc.php

FreeBSD: /usr/local/www/roundcubemail/main.inc.php

Add the lines below before the last line "?>" (NOTE: You must replace dc=iredmail,dc=org with your own LDAP suffix):

Test

After restarting the OpenLDAP server and the Apache web server, log into Roundcube webmail, click "Address Book" in the top-right corner, select Personal LDAP Address Book, then try to add and update contacts.

Note to iRedAdmin-Pro-LDAP customers

If you're using iRedAdmin-Pro-LDAP-1.4.0 with a personal LDAP address book, you can't delete users who have contacts stored in LDAP. Please follow the steps below to fix it.

Save the content below as the file personal_addr_book.patch and upload or copy it to the directory /tmp on the server that runs iRedAdmin-Pro-LDAP.